Interrail takes action after a security incident exposes its passengers' data

In mid-January 2026, the Interrail ticket sales platform, used by millions of European tourists, suffered a security breach. The alert was triggered when unauthorized access to the company's internal systems was identified. From then on, Interrail took action to keep users and the relevant authorities informed.

The incident occurred in the systems of Eurail B.V., the company responsible for Interrail. The compromised data could include information about customer orders and reservations, including basic identity and contact details, as well as information related to travel companions. The company stated that the sensitive information, although not complete payment details, could be used for impersonation or identity fraud.

Interrail has taken immediate action, such as securing the compromised systems, notifying data protection authorities, initiating a forensic investigation with external professionals, and beginning to directly notify customers who may have been affected. The company has not yet confirmed the full extent of the unauthorized access or the actual use of the stolen data. The incident is currently under investigation. Customers who were affected are advised to exercise extreme caution against potential phishing attempts, review their accounts, and change their credentials if necessary.